so, if my parameters are: foo=bar&bar=baz, I will sort the dictionary of parameters, add the secret $SECRET='asd32efe32ef2df23' and create: $sig = md5('bar=baz&foo=bar'.$SECRET); then can just add &sig={$sig} to the request. the other side will do the same with the parameters (excluding sig) and validate it.